Description:
We are looking for a Security Engineer with expertise in web, mobile, network, and cloud penetration testing to join our team. The ideal candidate will have a strong background in offensive security, excellent communication skills, and the ability to articulate security findings effectively to both technical and non-technical stakeholders.
Key Responsibilities
- Conduct penetration tests on web applications, mobile applications, cloud environments, and network infrastructure.
- Identify, exploit, and document vulnerabilities while providing detailed remediation guidance.
- Perform secure code reviews and security assessments of applications and cloud architectures.
- Collaborate with development, IT, and security teams to improve security postures.
- Prepare comprehensive security reports with clear technical details and executive summaries.
- Stay updated on the latest security threats, tools, and techniques.
- Assist in threat modeling and security architecture reviews for applications and cloud services.
- Participate in red teaming and adversary simulation exercises.
Requirements
- 6 months - 1 year of hands-on experience in penetration testing (web, mobile, network, and cloud).
- Proficiency with security tools like ZAP, Metasploit, Nmap, Nessus, and AWS/Azure security tools.
- Strong understanding of OWASP Top 10, OWASP ASVS, etc.
- Experience in testing cloud environments (AWS, Azure, GCP), including cloud-specific security misconfigurations.
- Strong communication and report-writing skills, with the ability to present findings clearly to various stakeholders.
- Scripting and automation experience in Python, Bash, or PowerShell is a plus.